You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2018/04/03 14:49:27 UTC
nifi git commit: NIFI-4788 This closes #2427. Exposing
nifi.web.proxy.host configuration for Docker containers.
Repository: nifi
Updated Branches:
refs/heads/master 364985fb4 -> 7c0ee014d
NIFI-4788 This closes #2427. Exposing nifi.web.proxy.host configuration for Docker containers.
Signed-off-by: joewitt <jo...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/7c0ee014
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/7c0ee014
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/7c0ee014
Branch: refs/heads/master
Commit: 7c0ee014d339588547a2bab18a68f7d1dfdd28af
Parents: 364985f
Author: Aldrin Piri <al...@apache.org>
Authored: Tue Jan 23 10:43:45 2018 -0500
Committer: joewitt <jo...@apache.org>
Committed: Tue Apr 3 07:49:06 2018 -0700
----------------------------------------------------------------------
nifi-docker/dockerhub/README.md | 3 +++
nifi-docker/dockerhub/sh/secure.sh | 7 +++++++
nifi-docker/dockerhub/sh/start.sh | 5 +++++
3 files changed, 15 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/README.md
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/README.md b/nifi-docker/dockerhub/README.md
index 4d9a559..31e808e 100644
--- a/nifi-docker/dockerhub/README.md
+++ b/nifi-docker/dockerhub/README.md
@@ -134,3 +134,6 @@ can be published to the host.
| HTTPS Port | nifi.web.https.port | 8443 |
| Remote Input Socket Port | nifi.remote.input.socket.port | 10000 |
+=======
+**NOTE**: If mapping the HTTPS port specifying trusted hosts should be provided for the property _nifi.web.proxy.host_. This property can be specified to running instances
+via specifying an environment variable at container instantiation of _NIFI\_WEB\_PROXY\_HOST_.
http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/secure.sh
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/sh/secure.sh b/nifi-docker/dockerhub/sh/secure.sh
index 919e118..5ff56e4 100644
--- a/nifi-docker/dockerhub/sh/secure.sh
+++ b/nifi-docker/dockerhub/sh/secure.sh
@@ -52,6 +52,13 @@ prop_replace 'nifi.web.https.port' "${NIFI_WEB_HTTPS_PORT:-8443}"
prop_replace 'nifi.web.https.host' "${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}"
prop_replace 'nifi.remote.input.secure' 'true'
+# Check if the user has specified a nifi.web.proxy.host setting and handle appropriately
+if [ -z "${NIFI_WEB_PROXY_HOST}" ]; then
+ echo 'NIFI_WEB_PROXY_HOST was not set but NiFi is configured to run in a secure mode. The NiFi UI may be inaccessible if using port mapping.'
+else
+ prop_replace 'nifi.web.proxy.host' "${NIFI_WEB_PROXY_HOST}"
+fi
+
# Establish initial user and an associated admin identity
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 1">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${INITIAL_ADMIN_IDENTITY}"'</property>|' ${NIFI_HOME}/conf/authorizers.xml
http://git-wip-us.apache.org/repos/asf/nifi/blob/7c0ee014/nifi-docker/dockerhub/sh/start.sh
----------------------------------------------------------------------
diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh
index 7e340a6..2775bc7 100755
--- a/nifi-docker/dockerhub/sh/start.sh
+++ b/nifi-docker/dockerhub/sh/start.sh
@@ -41,6 +41,11 @@ case ${AUTH} in
. "${scripts_dir}/secure.sh"
. "${scripts_dir}/update_login_providers.sh"
;;
+ *)
+ if [ ! -z "${NIFI_WEB_PROXY_HOST}" ]; then
+ echo 'NIFI_WEB_PROXY_HOST was set but NiFi is not configured to run in a secure mode. Will not update nifi.web.proxy.host.'
+ fi
+ ;;
esac
# Continuously provide logs so that 'docker logs' can produce them